Subject: kern/24450: wi crash
To: None <gnats-bugs@gnats.NetBSD.org>
From: None <lha@netbsd.org>
List: netbsd-bugs
Date: 02/17/2004 08:55:36
>Number: 24450
>Category: kern
>Synopsis: wi crash
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Tue Feb 17 07:56:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator: Love
>Release: NetBSD 1.6ZK
>Organization:
>Environment:
System: NetBSD nutcracker.stacken.kth.se 1.6ZK NetBSD 1.6ZK (NUTCRACKER) #49: Sun Feb 15 21:37:42 CET 2004 lha@nutcracker.stacken.kth.se:/usr/src/sys/arch/i386/compile/NUTCRACKER i386
Architecture: i386
Machine: i386
>Description:
[ may be duplicate of diffrent pr, but it seem to have got lost ]
put some load on the wi0 card by running network filesystem
regression test, it seem to end up in OACTIVE (and that is
usually fixed with ifconfig down/up), so I checked for that with
ifconfig wi0, this make wi0 unhappy and crash on me.
>How-To-Repeat:
se above
: root@nutcracker ; gdb
GNU gdb 5.3nb1
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386--netbsdelf".
(gdb) kcore 81
(no debugging symbols found)...panic: trap
#0 0x00000001 in ?? ()
(gdb) bt
#0 0x00000001 in ?? ()
#1 0xc02e3917 in cpu_reboot (howto=671596544, bootstr=0x0)
at ../../../../arch/i386/i386/machdep.c:757
#2 0xc02752a4 in panic (
fmt=0x1000 "U\211åVWS\036\006\017 \017¨\213E\bf£à\037")
at ../../../../kern/subr_prf.c:243
#3 0xc02ebd7c in trap (frame=0xcd40bcd4)
at ../../../../arch/i386/i386/trap.c:296
#4 0xc0102c71 in calltrap ()
#5 0xc0189d55 in wi_read_rid (sc=0xcca954ac, rid=-851395456, buf=0xcd40bd8a,
buflenp=0xcd40bcac) at ../../../../dev/ic/wi.c:2696
#6 0xc018722d in wi_media_status (ifp=0x0, imr=0xcd40bea4)
at ../../../../dev/ic/wi.c:1388
(gdb) fr 5
#5 0xc0189d55 in wi_read_rid (sc=0xcca954ac, rid=-851395456, buf=0xcd40bd8a,
buflenp=0xcd40bcac) at ../../../../dev/ic/wi.c:2696
2696 return wi_read_bap(sc, rid, sizeof(ltbuf), buf, len);
(gdb) info local
error = 0
len = 0
ltbuf = {0, 64836}
(gdb) up
#6 0xc018722d in wi_media_status (ifp=0x0, imr=0xcd40bea4)
at ../../../../dev/ic/wi.c:1388
1388 if (wi_read_rid(sc, WI_RID_CUR_TX_RATE, &val, &len) != 0)
(gdb) info local
sc = (struct wi_softc *) 0xc140d000
ic = (struct ieee80211com *) 0xc140d034
val = 8
rate = 0
len = 21386327
(gdb) set height 0
(gdb) p/x *sc
$1 = {sc_dev = {dv_class = 0x3, dv_list = {tqe_next = 0xc1411000,
tqe_prev = 0xc140cc04}, dv_cfdata = 0xc0472008,
dv_cfdriver = 0xc0470540, dv_cfattach = 0xc047c5a0, dv_unit = 0x0,
dv_xname = {0x77, 0x69, 0x30, 0x0 <repeats 13 times>},
dv_parent = 0xc11df000, dv_flags = 0x1}, sc_ic = {ic_ec = {ec_if = {
if_softc = 0xc140d000, if_list = {tqe_next = 0xc1411040,
tqe_prev = 0xc04c4ee4}, if_addrlist = {tqh_first = 0xc1410f80,
tqh_last = 0xc162ff10}, if_xname = {0x77, 0x69, 0x30,
0x0 <repeats 13 times>}, if_pcount = 0x0, if_bpf = 0xc1403c60,
if_index = 0x1, if_timer = 0x1, if_flags = 0x8863, if__pad1 = 0x0,
if_data = {ifi_type = 0x6, ifi_addrlen = 0x6, ifi_hdrlen = 0x18,
ifi_link_state = 0x0, ifi_mtu = 0x5dc, ifi_metric = 0x0,
ifi_baudrate = 0xa7d8c0, ifi_ipackets = 0x1d97f, ifi_ierrors = 0x0,
ifi_opackets = 0x1fafa, ifi_oerrors = 0xe, ifi_collisions = 0x206b,
ifi_ibytes = 0x28c05b0, ifi_obytes = 0x3e8870d, ifi_imcasts = 0x49,
ifi_omcasts = 0x16, ifi_iqdrops = 0x0, ifi_noproto = 0x0,
ifi_lastchange = {tv_sec = 0x402fef47, tv_usec = 0xdf720}},
if_output = 0xc02ab944, if_input = 0xc02abf70, if_start = 0xc018648c,
if_ioctl = 0xc0186e04, if_init = 0xc01858cc, if_stop = 0xc0186090,
if_watchdog = 0xc0186cec, if_drain = 0x0, if_snd = {ifq_head = 0x0,
ifq_tail = 0x0, ifq_len = 0x0, ifq_maxlen = 0x32,
ifq_drops = 0x5dd5a5, altq_type = 0x0, altq_flags = 0x0,
altq_disc = 0x0, altq_ifp = 0x0, altq_enqueue = 0x0,
altq_dequeue = 0x0, altq_request = 0x0, altq_clfier = 0x0,
altq_classify = 0x0, altq_tbr = 0x0, altq_cdnr = 0x0},
if_sadl = 0xc1410fb8, if_broadcastaddr = 0xc0479c00, if_bridge = 0x0,
if_dlt = 0x1, if_pfil = {ph_in = {tqh_first = 0x0,
tqh_last = 0xc140d158}, ph_out = {tqh_first = 0x0,
tqh_last = 0xc140d160}, ph_type = 0x2, ph_un = {
phu_val = 0xc140d034, phu_ptr = 0xc140d034}, ph_list = {
le_next = 0x0, le_prev = 0xc141117c}}, if_capabilities = 0x0,
if_capenable = 0x0, if_csum_flags_tx = 0x0, if_csum_flags_rx = 0x0,
if_afdata = {0x0 <repeats 24 times>, 0xc1198920, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0}, if_mowner = 0x0}, ec_multiaddrs = {
lh_first = 0xc15f1060}, ec_multicnt = 0x4, ec_capabilities = 0x0,
ec_capenable = 0x0, ec_nvlans = 0x0}, ic_recv_mgmt = 0xc02be27c,
ic_send_mgmt = 0xc02c296c, ic_newstate = 0xc0189e78, ic_newassoc = 0x0,
ic_set_tim = 0xc018a134, ic_myaddr = {0x0, 0x5, 0x3c, 0x7, 0xbc, 0xe},
ic_sup_rates = {{rs_nrates = 0x0, rs_rates = {0x0 <repeats 15 times>}}, {
rs_nrates = 0x0, rs_rates = {0x0 <repeats 15 times>}}, {
rs_nrates = 0x4, rs_rates = {0x2, 0x4, 0xb, 0x16,
0x0 <repeats 11 times>}}, {rs_nrates = 0x0, rs_rates = {
0x0 <repeats 15 times>}}, {rs_nrates = 0x0, rs_rates = {
0x0 <repeats 15 times>}}, {rs_nrates = 0x0, rs_rates = {
0x0 <repeats 15 times>}}}, ic_channels = {{ic_freq = 0x0,
ic_flags = 0x0}, {ic_freq = 0x96c, ic_flags = 0xa0}, {ic_freq = 0x971,
ic_flags = 0xa0}, {ic_freq = 0x976, ic_flags = 0xa0}, {
ic_freq = 0x97b, ic_flags = 0xa0}, {ic_freq = 0x980, ic_flags = 0xa0},
{ic_freq = 0x985, ic_flags = 0xa0}, {ic_freq = 0x98a, ic_flags = 0xa0}, {
ic_freq = 0x98f, ic_flags = 0xa0}, {ic_freq = 0x994, ic_flags = 0xa0},
{ic_freq = 0x999, ic_flags = 0xa0}, {ic_freq = 0x99e, ic_flags = 0xa0}, {
ic_freq = 0x0, ic_flags = 0x0} <repeats 244 times>}, ic_chan_avail = {
0xfe, 0xf, 0x0 <repeats 254 times>}, ic_chan_active = {0xfe, 0xf,
0x0 <repeats 254 times>}, ic_chan_scan = {0x0 <repeats 256 times>},
ic_mgtq = {ifq_head = 0x0, ifq_tail = 0x0, ifq_len = 0x0,
ifq_maxlen = 0x0, ifq_drops = 0x0}, ic_pwrsaveq = {ifq_head = 0x0,
ifq_tail = 0x0, ifq_len = 0x0, ifq_maxlen = 0x0, ifq_drops = 0x0},
ic_flags = 0x100, ic_caps = 0x21f, ic_modecaps = 0x5, ic_curmode = 0x0,
ic_phytype = 0x0, ic_opmode = 0x1, ic_state = 0x4, ic_aid_bitmap = {
0x0 <repeats 63 times>}, ic_max_aid = 0x100, ic_media = {ifm_mask = 0x0,
ifm_media = 0x0, ifm_cur = 0xc1403c20, ifm_list = {
tqh_first = 0xc1403c20, tqh_last = 0xc1403600},
ifm_change = 0xc018705c, ifm_status = 0xc01871c4}, ic_rawbpf = 0x0,
ic_bss = 0xc1401200, ic_ibss_chan = 0xc140d2aa,
ic_fixed_rate = 0xffffffff, ic_rtsthreshold = 0x908,
ic_fragthreshold = 0x92a, ic_scangen = 0x1, ic_node_alloc = 0xc01872d4,
ic_node_free = 0xc01872f0, ic_node_copy = 0xc018732c,
ic_node_getrssi = 0xc02c18dc, ic_node = {tqh_first = 0x0,
tqh_last = 0xc140db24}, ic_hash = {{lh_first = 0x0} <repeats 32 times>},
ic_lintval = 0x64, ic_holdover = 0x0, ic_txmin = 0x0, ic_txmax = 0x0,
ic_txlifetime = 0x0, ic_txpower = 0x0, ic_bmisstimeout = 0x2bc,
ic_mgt_timer = 0x0, ic_inact_timer = 0x0, ic_des_esslen = 0x0,
ic_des_essid = {0x0 <repeats 32 times>}, ic_des_chan = 0xffff,
ic_des_bssid = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, ic_nw_keys = {{
wk_len = 0x5, wk_key = {,
0x0 <repeats 16 times>}}, {wk_len = 0x0, wk_key = {
0x0 <repeats 16 times>}}, {wk_len = 0x0, wk_key = {
0x0 <repeats 16 times>}}, {wk_len = 0x0, wk_key = {
0x0 <repeats 16 times>}}}, ic_wep_txkey = 0x0, ic_wep_ctx = 0x0,
ic_iv = 0xafdd56, ic_stats = {is_rx_badversion = 0x0,
is_rx_tooshort = 0x0, is_rx_wrongbss = 0x0, is_rx_dup = 0x0,
is_rx_wrongdir = 0x0, is_rx_mcastecho = 0x0, is_rx_notassoc = 0x0,
is_rx_nowep = 0x0, is_rx_wepfail = 0x0, is_rx_decap = 0x0,
is_rx_mgtdiscard = 0x0, is_rx_ctl = 0x0, is_rx_rstoobig = 0x0,
is_rx_elem_missing = 0x0, is_rx_elem_toobig = 0x0,
is_rx_elem_toosmall = 0x0, is_rx_elem_unknown = 0x0,
is_rx_badchan = 0x0, is_rx_chanmismatch = 0x0, is_rx_nodealloc = 0x0,
is_rx_ssidmismatch = 0x0, is_rx_auth_unsupported = 0x0,
is_rx_auth_fail = 0x0, is_rx_assoc_bss = 0x0, is_rx_assoc_notauth = 0x0,
is_rx_assoc_capmismatch = 0x0, is_rx_assoc_norate = 0x0,
is_rx_deauth = 0x0, is_rx_disassoc = 0x0, is_rx_badsubtype = 0x0,
is_rx_nombuf = 0x0, is_rx_decryptcrc = 0x0, is_rx_ahdemo_mgt = 0x0,
is_rx_bad_auth = 0x0, is_tx_nombuf = 0x0, is_tx_nonode = 0x0,
is_tx_unknownmgt = 0x0, is_scan_active = 0x0, is_scan_passive = 0x0,
is_node_timeout = 0x0, is_crypto_nomem = 0x0}}, sc_ih = 0xc18ce4a0,
sc_enable = 0xc0329fec, sc_disable = 0xc032a044, sc_reset = 0xc032a060,
sc_newstate = 0xc02c3994, sc_attached = 0x1, sc_enabled = 0x1,
sc_invalid = 0x0, sc_firmware_type = 0x2, sc_pri_firmware_ver = 0x2774,
sc_sta_firmware_ver = 0x28a9, sc_pci = 0x1, sc_iot = 0x1,
sc_ioh = 0xcaf3a000, sc_drvbpf = 0x0, sc_flags = 0x6a8, sc_bap_id = 0xfd44,
sc_bap_off = 0x4, sc_portnum = 0x0, sc_dbm_offset = 0x64,
sc_max_datalen = 0x900, sc_frag_thresh = 0x92a, sc_rts_thresh = 0x92b,
sc_system_scale = 0x1, sc_tx_rate = 0x8, sc_cnfauthmode = 0x1,
sc_roaming_mode = 0x1, sc_microwave_oven = 0x0, sc_nodelen = 0x14,
sc_nodename = {0x6e, 0x75, 0x74, 0x63, 0x72, 0x61, 0x63, 0x6b, 0x65, 0x72,
0x0 <repeats 22 times>}, sc_buflen = 0x944, sc_txd = {{d_fid = 0x127,
d_len = 0x0, d_rate = 0x3}, {d_fid = 0x13c, d_len = 0x0, d_rate = 0x3}, {
d_fid = 0x151, d_len = 0x0, d_rate = 0x3}}, sc_txnext = 0x0,
sc_txcur = 0x0, sc_rssd = {{rd_desc = {id_len = 0x5d0, id_rateidx = 0x3,
id_node = 0xc1401200, id_rssi = 0x2b}, rd_next = {
sle_next = 0xc140ddcc}}, {rd_desc = {id_len = 0x5d0, id_rateidx = 0x3,
id_node = 0xc1401200, id_rssi = 0x2b}, rd_next = {
sle_next = 0xc140dda4}}, {rd_desc = {id_len = 0x5d0, id_rateidx = 0x3,
id_node = 0x0, id_rssi = 0x2b}, rd_next = {sle_next = 0xc140ddf4}}, {
rd_desc = {id_len = 0x5d0, id_rateidx = 0x3, id_node = 0xc1401200,
id_rssi = 0x2b}, rd_next = {sle_next = 0xc140ddcc}}, {rd_desc = {
id_len = 0x5d0, id_rateidx = 0x3, id_node = 0x0, id_rssi = 0x2a},
rd_next = {sle_next = 0xc140de08}}, {rd_desc = {id_len = 0x5d0,
id_rateidx = 0x3, id_node = 0x0, id_rssi = 0x2a}, rd_next = {
sle_next = 0xc140de30}}, {rd_desc = {id_len = 0x5d0, id_rateidx = 0x3,
id_node = 0x0, id_rssi = 0x2b}, rd_next = {sle_next = 0x0}}, {
rd_desc = {id_len = 0x5d0, id_rateidx = 0x3, id_node = 0x0,
id_rssi = 0x2a}, rd_next = {sle_next = 0xc140de44}}, {rd_desc = {
id_len = 0x5d0, id_rateidx = 0x3, id_node = 0x0, id_rssi = 0x2a},
rd_next = {sle_next = 0xc140de1c}}, {rd_desc = {id_len = 0x5d0,
id_rateidx = 0x3, id_node = 0x0, id_rssi = 0x2a}, rd_next = {
sle_next = 0xc140ddcc}}}, sc_rssdfree = {slh_first = 0xc140de58},
sc_tx_timer = 0x0, sc_scan_timer = 0x0, sc_syn_timer = 0x0, sc_stats = {
wi_tx_unicast_frames = 0x1fab8, wi_tx_multicast_frames = 0x0,
wi_tx_fragments = 0x1fadc, wi_tx_unicast_octets = 0x16a7c0f,
wi_tx_multicast_octets = 0x0, wi_tx_deferred_xmits = 0x2086,
wi_tx_single_retries = 0x2024, wi_tx_multi_retries = 0x43,
wi_tx_retry_limit = 0x4, wi_tx_discards = 0x0,
wi_rx_unicast_frames = 0x1d92f, wi_rx_multicast_frames = 0x12b52,
wi_rx_fragments = 0x30481, wi_rx_unicast_octets = 0x28eecc9,
wi_rx_multicast_octets = 0x4ff326, wi_rx_fcs_errors = 0x58,
wi_rx_discards_nobuf = 0x4, wi_tx_discards_wrong_sa = 0x0,
wi_rx_WEP_cant_decrypt = 0x0, wi_rx_msg_in_msg_frags = 0x0,
wi_rx_msg_in_bad_msg_frags = 0x1}, sc_ibss_port = 0x0, sc_aps = {{
scanreason = 0x3, bssid = {0x0, 0x60, 0x1d, 0xf2, 0x49, 0xa1},
channel = 0x3, signal = 0x2d, noise = 0x6, quality = 0x27,
namelen = 0x3, name = {0x57, 0x54, 0x46, 0x0 <repeats 29 times>},
capinfo = 0x11, interval = 0x64, rate = 0x6e}, {scanreason = 0x0,
bssid = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, channel = 0x0, signal = 0x0,
noise = 0x0, quality = 0x0, namelen = 0x0, name = {
0x0 <repeats 32 times>}, capinfo = 0x0, interval = 0x0,
rate = 0x0} <repeats 29 times>}, sc_naps = 0x0, sc_false_syns = 0x1,
sc_alt_retry = 0x2, sc_rxtapu = {tap = {wr_ihdr = {it_version = 0x0,
it_pad = 0x0, it_len = 0x40, it_present = 0x6e}, wr_flags = 0x0,
wr_rate = 0x0, wr_chan_freq = 0x0, wr_chan_flags = 0x0,
wr_antsignal = 0x0, wr_antnoise = 0x0}, pad = {0x0, 0x0, 0x40, 0x0,
0x6e, 0x0 <repeats 59 times>}}, sc_txtapu = {tap = {wt_ihdr = {
it_version = 0x0, it_pad = 0x0, it_len = 0x40, it_present = 0xe},
wt_flags = 0x0, wt_rate = 0x0, wt_chan_freq = 0x0, wt_chan_flags = 0x0},
pad = {0x0, 0x0, 0x40, 0x0, 0xe, 0x0 <repeats 59 times>}}, sc_txbuf = {
0xaaaa, 0x3, 0x0, 0x8, 0x45, 0x4f00, 0x3e25, 0x0, 0x1140, 0x5478, 0xed82,
0x2ed, 0xed82, 0x2eea, 0x591b, 0x581b, 0x3b00, 0x3785, 0x9223, 0x1ded,
0x670a, 0x68b7, 0x0, 0xb101, 0x0, 0x5d00, 0x0, 0xf12a, 0x102, 0x200,
0x3c66, 0x100, 0x0, 0x0, 0x0, 0x5d00, 0x0, 0x5d00, 0x0, 0x33c, 0x101, 0x1,
0x500, 0x1c0, 0x1, 0x500, 0x48c0, 0x736f, 0x3a74, 0x7720, 0x7777, 0x672e,
0x6f6f, 0x6c67, 0x2e65, 0x6f63, 0xd6d, 0x550a, 0x6573, 0x2d72, 0x6741,
0x6e65, 0x3a74, 0x4d20, 0x7a6f, 0x6c69, 0x616c, 0x352f, 0x302e, 0x2820,
0x3158, 0x3b31, 0x5520, 0x203b, 0x654e, 0x4274, 0x4453, 0x6920, 0x3833,
0x3b36, 0x6520, 0x2d6e, 0x5355, 0x203b, 0x7672, 0x313a, 0x342e, 0x2029,
0x6547, 0x6b63, 0x2f6f, 0x3032, 0x3330, 0x3031, 0x3531, 0xa0d, 0x6341,
0x6563, 0x7470, 0x203a, 0x6574, 0x7478, 0x782f, 0x6c6d, 0x612c, 0x7070,
0x696c, 0x6163, 0x6974, 0x6e6f, 0x782f, 0x6c6d, 0x612c, 0x7070, 0x696c,
0x6163, 0x6974, 0x6e6f, 0x782f, 0x7468, 0x6c6d, 0x782b, 0x6c6d, 0x742c,
0x7865, 0x2f74, 0x7468, 0x6c6d, 0x713b, 0x303d, 0x392e, 0x742c, 0x7865,
0x2f74, 0x6c70, 0x6961, 0x3b6e, 0x3d71, 0x2e30, 0x2c38, 0x6976, 0x6564,
0x2f6f, 0x2d78, 0x6e6d, 0x2c67, 0x6d69, 0x6761, 0x2f65, 0x6e70, 0x2c67,
0x6d69, 0x6761, 0x2f65, 0x706a, 0x6765, 0x692c, 0x616d, 0x6567, 0x672f,
0x6669, 0x713b, 0x303d, 0x322e, 0x2a2c, 0x2a2f, 0x713b, 0x303d, 0x312e,
0xa0d, 0x6341, 0x6563, 0x7470, 0x4c2d, 0x6e61, 0x7567, 0x6761, 0x3a65,
0x6520, 0x2d6e, 0x7375, 0x652c, 0x3b6e, 0x3d71, 0x2e30, 0xd35, 0x410a,
0x6363, 0x7065, 0x2d74, 0x6e45, 0x6f63, 0x6964, 0x676e, 0x203a, 0x7a67,
0x7069, 0x642c, 0x6665, 0x616c...}, sc_txpending = {0x0, 0x0, 0x0, 0x3,
0x0 <repeats 11 times>}, sc_rssadapt_ch = {c_list = {cq_next = {
elem = 0xc04c4ef0, list = 0xc04c4ef0}, cq_prev = {elem = 0xcc482b94,
list = 0xcc482b94}}, c_func = 0xc0189e14, c_arg = 0xc140d000,
c_time = 0xc9df4, c_flags = 0x2}}
(gdb)
>Fix:
dunno
>Release-Note:
>Audit-Trail:
>Unformatted: